package com.gjs.intranet.config;

import com.gjs.common.filter.JWTAccessDeniedHandler;
import com.gjs.common.filter.JWTAuthenticationEntryPoint;
import com.gjs.common.filter.JWTAuthorizationFilter;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// 使用@EnableOAuth2Sso注解并基于session的单点登录方式
//@Configuration
//@EnableOAuth2Sso
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
//public class SecurityConfig extends WebSecurityConfigurerAdapter {
//
//    @Override
//    public void configure(HttpSecurity http) throws Exception {
//        http.cors().and().csrf().disable()
//                .authorizeRequests()
//                .antMatchers("/").permitAll()
//                .anyRequest().authenticated();
////                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); // 不需要session
//    }
//}

// 通过HTTP自实现的单点登录，不基于session
@Slf4j
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public BCryptPasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Bean
    @ConfigurationProperties(prefix = "jwt.management")
    public JWTAuthorizationFilter JWTAuthorizationFilter() throws Exception {
        return new JWTAuthorizationFilter(authenticationManager());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
                .authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .addFilter(JWTAuthorizationFilter())
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 不需要session
                .and()
                .exceptionHandling().authenticationEntryPoint(new JWTAuthenticationEntryPoint()) //token校验失败的处理
                .accessDeniedHandler(new JWTAccessDeniedHandler()); //无权限时的处理
    }

    //静态资源配置
    @Override
    public void configure(WebSecurity web) throws Exception {
        //swagger2所需要用到的静态资源，允许访问
        web.ignoring().antMatchers("/v2/api-docs",
                "/webjars/springfox-swagger-ui/**",
                "/swagger-resources/**",
                "/swagger-ui.html");
    }
}